﻿<!--#include file="const.inc"-->
<%
'====================================================================
' 感谢使用晴天3G智能建站系统..
' 作者:梁永强.QQ:766750857
' 官方网址:wap.qt3g.com
' 声明:软件版权归作者所有,没有经过作者本人同意不得非法破解和传播本程序
'====================================================================
%>
<%
Response.Expires = -1
Response.AddHeader "Pragma", "no-cache"
Response.AddHeader "Cache-Control", "no-cache, must-revalidate"
Server.ScriptTimeOut = 3600
select case v
case "0"
we0="<br/>"
%>
<card id="login" title="上传文件"><p align="<%=qingtian.px%>">
<%
case "1"
hr="<hr>"
zi="<span style=""color:#FF5500"">"
zi0="</span>"
we="<div class=""footer"">"
sou="<div class=""block4"">"
dao="<div class=""navi"">"
we0="</div>"
%>
<title>上传文件</title>
</head>
<body>
<!--#include virtual="/css.inc"-->
<%
End Select
dim dir,tsid,url
url=request.querystring("url")
dir=request.querystring("dir")
tsid=request.querystring("tsid")
	if tsid<>"" or tsid<>"Null"then
		if left(tsid,4)="3GQT" then

			dim rs,sql
			Set Rs = Server.CreateObject("Adodb.Recordset")
			Sql = "select id from qingtian_admin where sid= '" & qingtian.Formatsid(tsid) & "'"
			Rs.Open Sql,conn,1,1
			if rs.bof and rs.eof  then
				tsid="Null"
			end if
			Rs.close
			set rs=nothing
		else
			tsid="Null"
		end if
	else
		tsid="Null"
	end if
if tsid="Null" then
	Response.Redirect "/shuogewansui/login.asp"
	Response.end
end if


			dim ip,name,content,member
	dim filesize,upfile,AllowFileExt,formPath,i,fileExt,uploadsuc,ranNum,filename,upfilesize,UploadPath,FilePath,errs
	dim FsoObj1,Upload,File,FormName,path,FilePath2
	errs=false
	UploadPath = "../img"&dir&"/"
	FilePath=UploadPath
	dim filetype


	Set Rs = Server.CreateObject("Adodb.Recordset")

	Sql = "SELECT [upfile],[filesize],[format],[filetype] FROM [qingtian_bbs_config]"

	Rs.Open Sql,conn,1,1
	if not (rs.bof and rs.eof) then
		filetype=rs("filetype")
		upfile=rs("upfile")
		upfilesize=rs("filesize")
		AllowFileExt=rs("format")
	else
	end if
	Rs.close
	set rs=nothing


if upfile=true then

	set upload=new upfile_class ''建立上传对象
	upload.GetData(upfilesize*1024)   '取得上传数据,限制最大上传100M

	if upload.err > 0 then  '如果出错
		select case upload.err
			case 1
				%><%=we%>请先选择你要上传的文件！<%=we0%><%
				%><%=sou%><a href="wenjian.asp?dir=<%=dir%>&amp;sid=<%=sidd%>">返回修改</a><%=we0%><%
				errs=true
			case 2
				%><%=we%>你上传的文件总大小超出了最大限制（<%=upfilesize%>KB）<%=we0%><%
				%><%=sou%><a href="wenjian.asp?dir=<%=dir%>&amp;sid=<%=sidd%>">返回修改</a><%=we0%><%
				errs=true
		end select

	end if



			ip=Request.ServerVariables("REMOTE_ADDR")
	AllowFileExt = Replace(Replace(Replace(UCase(AllowFileExt), "ASP", ""), "ASPX", ""), "|", ",")

if  errs=flase then

	
for each formName in upload.file 
EnableUpload=true
		set ofile=upload.file(formName)  '生成一个文件对象	
		upfilename=ofile.FileName		
		oFileSize=ofile.filesize	
		sizes=cstr(round(oFileSize*1024))		
		fileExt=lcase(ofile.FileExt)
    		fileExt=trim(fileExt)
    
    		if fileExt<>"" then
		arrUpFileType=split(AllowFileExt,",")
		for i=0 to ubound(arrUpFileType)
			if fileEXT=trim(arrUpFileType(i)) then
				EnableUpload=true
				exit for
			end if
		next
    		else
  			EnableUpload=true
   		end if

				if InStr(fileEXT,"asp") > 0 or InStr(fileEXT,"asa") > 0 or InStr(fileEXT,"aspx") > 0 or InStr(fileEXT,"exe") > 0 or InStr(fileEXT,"bat") > 0 or InStr(fileEXT,"dll") > 0 or InStr(fileEXT,"cer") > 0  or InStr(fileEXT,"cdx") > 0  or InStr(fileEXT,"cgi") > 0  or InStr(fileEXT,"com") > 0 or InStr(fileEXT,"htr") > 0 or InStr(fileEXT,"stm") > 0 or InStr(fileEXT,"php") > 0 or InStr(fileEXT,"jsp") > 0 or InStr(fileEXT,"java") > 0 then
		 EnableUpload=false
		end if
                 if not (fileExt="gif" or fileExt="jpg" or fileExt="jpeg" or fileExt="png") then
                        %><%=we%>图片格式错误！<%=we0%><%
				errs=true
                 end if
		if EnableUpload=false then
			%><%=we%>请选择文件上传！这种文件类型不允许上传:asp|asa|aspx|exe|bat|cer...如果需要上传联系管理员开通(网站基本信息设置)或请先rar（压缩后）再上传<%=we0%><%
				errs=true
		end if
		if oFileSize>(upfilesize*1024) then
      			%><%=we%>图片大小超过了限制，最大只能上传<%=upfilesize%>K的文件！<%=we0%><%
				errs=true
		end if
		if oFileSize=0 then
      			%><%=we%>请先选择你要上传的图片！<%=we0%><%
				errs=true
		end if


		if errs<>true then
randomize
ranNum=int(90000*rnd)+10000
			filename=year(now)&strMonth&strDay&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt

			ofile.SaveToFile Server.mappath(FilePath&filename)   '保存文件   
%><%=we%><%=qingtian.utf8("上传文件成功!")%><%=we0%>
<%
    
     		end if
	
		set ofile=nothing
		
next
set upload=nothing  	
	end  if  
	else%>
	<%=we%><%=qingtian.utf8("系统禁止上传文件!")%><%=we0%>
	<%end if%>
<%=dao%><a href='/shuogewansui/wenjian.asp?url=<%=url%>&amp;sid=<%=tsid%>'>返回文件管理</a><br/>
<a href='/shuogewansui/index.asp?sid=<%=tsid%>'>后台管理首页</a>
<%
end Function 
%>
